Strengthening Cyber Resilience Against State-Sponsored Threats Act

This bill would establish a joint interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate federal efforts against Chinese state-sponsored cyber threats, such as Volt Typhoon. The task force would align the activities of various Sector Risk Management Agencies to improve the detection, analysis, and response to these cyber actors. Additionally, the task force would be required to provide annual reports and briefings to Congress for six years regarding cyber threat assessments and mitigation recommendations.

The bill directly affects several federal agencies, primarily the Cybersecurity and Infrastructure Security Agency (CISA), which is tasked with leading a new interagency task force. Other impacted entities include the Department of Homeland Security, the Department of Justice, the Federal Bureau of Investigation, and various Sector Risk Management Agencies such as the Departments of Defense, Energy, and Agriculture. Additionally, the legislation targets the activities of Chinese state-sponsored cyber actors, specifically naming the group known as Volt Typhoon.

• Establishment of a joint interagency task force. The bill directs the Cybersecurity and Infrastructure Security Agency (CISA) to lead a task force dedicated to coordinating agency responses to Chinese state-sponsored cyber actors, such as Volt Typhoon.
• Coordination among Sector Risk Management Agencies. The task force will align the efforts of various agencies, including the Departments of Defense, Energy, and Agriculture, to ensure their actions against cyber threats are mutually reinforcing.
• Information sharing and agency cooperation. The Department of Homeland Security, Department of Justice, and Federal Bureau of Investigation must provide the task force with necessary analysis, audits, and inspections to support its mission.
• Congressional reporting and threat assessments. The task force is required to provide annual reports and briefings to Congress for six years, detailing cyber threat assessments and recommendations for improving detection and mitigation strategies.

• H.R. 2659, Strengthening Cyber Resilience Against State-Sponsored Threats Act
  May 5, 2025 · As ordered reported by the House Committee on Homeland Security on April 9, 2025

The bill establishes a reporting schedule requiring an initial report to Congress no later than 540 days after the task force is established, with subsequent annual reports for a period of six years.

The bill builds upon the President's National Security Memorandum-22 by requiring coordination among the Sector Risk Management Agencies identified in that memorandum, such as the Departments of Defense, Energy, and Agriculture. It also utilizes the existing organizational framework of the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security to lead the new task force.

The bill aims to enhance the federal government's ability to detect, analyze, and respond to Chinese state-sponsored cyber threats, such as Volt Typhoon, by establishing a joint interagency task force. This task force is intended to ensure that cybersecurity efforts across various Sector Risk Management Agencies are aligned, mutually reinforcing, and informed by shared intelligence and analysis.